sym-encryption #1
@ -12,7 +12,7 @@ func newControlCipher(privKey, pubKey []byte) *controlCipher {
|
||||
return &controlCipher{shared}
|
||||
}
|
||||
|
||||
func (cc *controlCipher) Encrypt(h xHeader, data, out []byte) []byte {
|
||||
func (cc *controlCipher) Encrypt(h header, data, out []byte) []byte {
|
||||
const s = controlHeaderSize
|
||||
out = out[:s+controlCipherOverhead+len(data)]
|
||||
h.Marshal(out[:s])
|
||||
|
||||
@ -40,7 +40,7 @@ func TestControlCipher(t *testing.T) {
|
||||
}
|
||||
|
||||
for _, plaintext := range testCases {
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
StreamID: controlStreamID,
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
@ -51,7 +51,7 @@ func TestControlCipher(t *testing.T) {
|
||||
|
||||
encrypted = c1.Encrypt(h1, plaintext, encrypted)
|
||||
|
||||
h2 := xHeader{}
|
||||
h2 := header{}
|
||||
h2.Parse(encrypted)
|
||||
if !reflect.DeepEqual(h1, h2) {
|
||||
t.Fatal(h1, h2)
|
||||
@ -80,7 +80,7 @@ func TestControlCipher_ShortCiphertext(t *testing.T) {
|
||||
|
||||
func BenchmarkControlCipher_Encrypt(b *testing.B) {
|
||||
c1, _ := newControlCipherForTesting()
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
DestIP: 88,
|
||||
@ -100,7 +100,7 @@ func BenchmarkControlCipher_Encrypt(b *testing.B) {
|
||||
func BenchmarkControlCipher_Decrypt(b *testing.B) {
|
||||
c1, c2 := newControlCipherForTesting()
|
||||
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
DestIP: 88,
|
||||
|
||||
@ -39,7 +39,7 @@ func (sc *dataCipher) Key() [32]byte {
|
||||
return sc.key
|
||||
}
|
||||
|
||||
func (sc *dataCipher) Encrypt(h xHeader, data, out []byte) []byte {
|
||||
func (sc *dataCipher) Encrypt(h header, data, out []byte) []byte {
|
||||
const s = dataHeaderSize
|
||||
out = out[:s+dataCipherOverhead+len(data)]
|
||||
h.Marshal(out[:s])
|
||||
|
||||
@ -22,7 +22,7 @@ func TestDataCipher(t *testing.T) {
|
||||
}
|
||||
|
||||
for _, plaintext := range testCases {
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
StreamID: dataStreamID,
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
@ -33,7 +33,7 @@ func TestDataCipher(t *testing.T) {
|
||||
|
||||
dc1 := newDataCipher()
|
||||
encrypted = dc1.Encrypt(h1, plaintext, encrypted)
|
||||
h2 := xHeader{}
|
||||
h2 := header{}
|
||||
h2.Parse(encrypted)
|
||||
|
||||
dc2 := newDataCipherFromKey(dc1.Key())
|
||||
@ -67,7 +67,7 @@ func TestDataCipher_ModifyCiphertext(t *testing.T) {
|
||||
}
|
||||
|
||||
for _, plaintext := range testCases {
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
DestIP: 88,
|
||||
@ -99,7 +99,7 @@ func TestDataCipher_ShortCiphertext(t *testing.T) {
|
||||
}
|
||||
|
||||
func BenchmarkDataCipher_Encrypt(b *testing.B) {
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
DestIP: 88,
|
||||
@ -118,7 +118,7 @@ func BenchmarkDataCipher_Encrypt(b *testing.B) {
|
||||
}
|
||||
|
||||
func BenchmarkDataCipher_Decrypt(b *testing.B) {
|
||||
h1 := xHeader{
|
||||
h1 := header{
|
||||
Counter: 235153,
|
||||
SourceIP: 4,
|
||||
DestIP: 88,
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
package node
|
||||
|
||||
const bufferSize = if_mtu + 128
|
||||
const (
|
||||
bufferSize = 1536
|
||||
if_mtu = 1200
|
||||
if_queue_len = 2048
|
||||
controlCipherOverhead = 16
|
||||
dataCipherOverhead = 16
|
||||
)
|
||||
|
||||
@ -5,34 +5,29 @@ import "unsafe"
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
const (
|
||||
headerSize = 12
|
||||
|
||||
controlStreamID = 2
|
||||
controlHeaderSize = 24
|
||||
controlCipherOverhead = 16
|
||||
|
||||
dataStreamID = 1
|
||||
dataHeaderSize = 12
|
||||
dataCipherOverhead = 16
|
||||
|
||||
forwardStreamID = 3
|
||||
headerSize = 12
|
||||
controlStreamID = 2
|
||||
controlHeaderSize = 24
|
||||
dataStreamID = 1
|
||||
dataHeaderSize = 12
|
||||
forwardStreamID = 3
|
||||
)
|
||||
|
||||
type xHeader struct {
|
||||
type header struct {
|
||||
StreamID byte
|
||||
Counter uint64 // Init with fasttime.Now() << 30 to ensure monotonic.
|
||||
SourceIP byte
|
||||
DestIP byte
|
||||
}
|
||||
|
||||
func (h *xHeader) Parse(b []byte) {
|
||||
func (h *header) Parse(b []byte) {
|
||||
h.StreamID = b[0]
|
||||
h.Counter = *(*uint64)(unsafe.Pointer(&b[1]))
|
||||
h.SourceIP = b[9]
|
||||
h.DestIP = b[10]
|
||||
}
|
||||
|
||||
func (h *xHeader) Marshal(buf []byte) {
|
||||
func (h *header) Marshal(buf []byte) {
|
||||
buf[0] = h.StreamID
|
||||
*(*uint64)(unsafe.Pointer(&buf[1])) = h.Counter
|
||||
buf[9] = h.SourceIP
|
||||
|
||||
@ -3,7 +3,7 @@ package node
|
||||
import "testing"
|
||||
|
||||
func TestHeaderMarshalParse(t *testing.T) {
|
||||
nIn := xHeader{
|
||||
nIn := header{
|
||||
StreamID: 23,
|
||||
Counter: 3212,
|
||||
SourceIP: 34,
|
||||
@ -13,7 +13,7 @@ func TestHeaderMarshalParse(t *testing.T) {
|
||||
buf := make([]byte, headerSize)
|
||||
nIn.Marshal(buf)
|
||||
|
||||
nOut := xHeader{}
|
||||
nOut := header{}
|
||||
nOut.Parse(buf)
|
||||
if nIn != nOut {
|
||||
t.Fatal(nIn, nOut)
|
||||
|
||||
@ -50,11 +50,6 @@ func readNextPacket(iface io.ReadWriteCloser, buf []byte) ([]byte, byte, error)
|
||||
}
|
||||
}
|
||||
|
||||
const (
|
||||
if_mtu = 1350
|
||||
if_queue_len = 2048
|
||||
)
|
||||
|
||||
func openInterface(network []byte, localIP byte, name string) (io.ReadWriteCloser, error) {
|
||||
if len(network) != 4 {
|
||||
return nil, fmt.Errorf("expected network to be 4 bytes, got %d", len(network))
|
||||
|
||||
@ -141,7 +141,7 @@ func readFromConn(conn *net.UDPConn, peers remotePeers) {
|
||||
err error
|
||||
buf = make([]byte, bufferSize)
|
||||
data []byte
|
||||
h xHeader
|
||||
h header
|
||||
)
|
||||
|
||||
for {
|
||||
|
||||
@ -186,7 +186,7 @@ func (rp *peerSuper) updateShared() {
|
||||
|
||||
func (rp *peerSuper) sendControlPacket(pkt interface{ Marshal([]byte) []byte }) {
|
||||
buf := pkt.Marshal(rp.pktBuf)
|
||||
h := xHeader{
|
||||
h := header{
|
||||
StreamID: controlStreamID,
|
||||
Counter: atomic.AddUint64(&rp.counter, 1),
|
||||
SourceIP: rp.localIP,
|
||||
|
||||
@ -15,6 +15,7 @@ type peerData struct {
|
||||
controlCipher *controlCipher
|
||||
dataCipher *dataCipher
|
||||
remoteAddr netip.AddrPort
|
||||
relayIP byte // Non-zero if we should relay.
|
||||
}
|
||||
|
||||
type remotePeer struct {
|
||||
@ -88,7 +89,7 @@ func (rp *remotePeer) HandlePeerUpdate(peer *m.Peer) {
|
||||
// HandlePacket accepts a raw data packet coming in from the network.
|
||||
//
|
||||
// This function is called by a single thread.
|
||||
func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h xHeader, data []byte) {
|
||||
func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h header, data []byte) {
|
||||
switch h.StreamID {
|
||||
case controlStreamID:
|
||||
rp.handleControlPacket(addr, h, data)
|
||||
@ -107,7 +108,7 @@ func (rp *remotePeer) HandlePacket(addr netip.AddrPort, h xHeader, data []byte)
|
||||
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
func (rp *remotePeer) handleControlPacket(addr netip.AddrPort, h xHeader, data []byte) {
|
||||
func (rp *remotePeer) handleControlPacket(addr netip.AddrPort, h header, data []byte) {
|
||||
shared := rp.shared.Load()
|
||||
if shared.controlCipher == nil {
|
||||
rp.logf("Not connected (control).")
|
||||
@ -194,7 +195,7 @@ func (rp *remotePeer) SendData(data []byte) {
|
||||
return
|
||||
}
|
||||
|
||||
h := xHeader{
|
||||
h := header{
|
||||
StreamID: dataStreamID,
|
||||
Counter: atomic.AddUint64(&rp.counter, 1),
|
||||
SourceIP: rp.localIP,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user